What does "( p)" in gpg field of a "zypper lr" mean?

I installed Leap on both my laptop and my desktop. I configured the laptop first. I
got lots of good help here to solve some issues with the laptop. When I finally had
that working correctly, I took a short break, and started configuring the desktop.
I figured the things I needed to do were all fresh enough in my mind to just get it
done.

I was almost correct. I’ve got both computers up and running enough to get back to
writing my book. But When I added google-chrome to the laptop I was working from a
good how-to that I couldn’t find again when it came time to add the google-chrome
repo to my sources.

No problem, I thought… I extracted the url from the laptop’s Leap installation,
with which I used zypper to add it to the desktop’s Leap installation.

But I must have forgot a step because:

Just like the rest of my enabled repos. But on the desktop:

I thought it had something to do with the repo’s signing key. But when I finally
found the howto I’d followed to add google-crome to my laptop, I somewhat belatedly
followed the instructions. Only the first recommended step was done afterwards.

Which I followed when I added google-chrome to my laptop. Except I used a root shell
instead of sudo… But the sequence on my desktop was more like:


# open root shell #
$ su
Password:
#

# Add google chrome repository #
# zypper ar http://dl.google.com/linux/chrome/rpm/stable/x86_64 google-crom

# fix typo #
# zypper mr -n google-chrome 6

# Refresh repository #
# zypper ref

# Install google chrome browser #
# zypper in google-chrome-stable

# Install google's PGP key to avoid key warnings #
# wget https://dl.google.com/linux/linux_signing_key.pub
# rpm --import linux_signing_key.pub

After which I did the following:


# zypper ref

Since the ( p) is in the gpg check column I tried toggling the gpg check off and on:


# zypper mr -G 6

Which changed it to “( ) No” But when I turned it back on:


# zypper mr -g 6

It resumed saying “( p) Yes”… {sigh}

In the long run it probably won’t matter, but it bugs me that I don’t know what the
( p) means. Nor, assuming it should say “(r ) Yes” like the rest of them, I have
no clue how to fix it.

Would somebody please explain it to me?

Thanks


JtWdyP

Hi
From the zypper man page :wink:


The following data can be printed for each repository found on the system: # (repository number), Alias (unique identifier), Name, Enabled (whether
the repository is enabled), GPG Check (whether GPG check for repository metadata (r) and/or downloaded rpm packages (p) is enabled)

So p also checks the rpm’s gpg key…

It would appear that on Jun 21, malcolmlewis did say:

> jtwdyp;2783144 Wrote:
> >
> >
> > <snip>
> >
> > It resumed saying “( p) Yes”… {sigh}
> >
> > In the long run it probably won’t matter, but it bugs me that I don’t
> > know what the
> > ( p) means. Nor, assuming it should say “(r ) Yes” like the rest of
> > them, I have
> > no clue how to fix it.
> >
> > Would somebody please explain it to me?
> >
> > Thanks
> >
> > –
> > JtWdyP
> Hi
> From the zypper man page :wink:

Yeah… I’ve not had much success understanding most man pages that usually seem
designed to remind experts which options are currently available and the syntax
needed to use them. Rather than to explain to Joe user how and what to use an
unfamiliar application for… Though to be fair THAT man doc does a better job of
explaining things than most. Heck it even includes several command examples?!?

But with over 2000 lines of densely packed information, I’m not really surprised that
I can’t find the instruction on how to choose which type of gpg checking to use.

> Code:
> --------------------
>
> The following data can be printed for each repository found on the system: # (repository number), Alias (unique identifier), Name, Enabled (whether
> the repository is enabled), GPG Check (whether GPG check for repository metadata (r) and/or downloaded rpm packages (p) is enabled)
>
> --------------------
>
> So p also checks the rpm’s gpg key…

GPG Check (whether GPG check for repository metadata (r) and/or downloaded rpm packages
(p) is enabled)

Yeah, that much I figured by the word “Yes” found next to the (r ) or ( p) in the gpg
check column of the zypper lr output… Though I’ll admit I didn’t know the p meant to
check the downloaded rpm…

But there must be a reason why all the other repos are checking the meta-data instead
of the downloaded rpm. And it can’t be something determined by the repo itself or else
my laptop wouldn’t say (r ) for the same repo…

I guess what I’m trying to find out is:

  1. which is more secure, checking the repo meta data or the downloaded rpm?

  2. How can I choose which checking method is going to be used?

  3. And wouldn’t it be even more secure {if possible} to check both “(rp) Yes”?

I think it might be possible to check both because the two flag characters are
positioned differently within the two character space inside the parenthesis. And
because the part of the man doc you quoted says: “** and/or **”…


JtWdyP

I see man pages as a great asset of linux/unix. Yes, they can be a bit cryptic.

I have PAGER=less (in the environment), and I can usually search for what I am seeking (“less” searching patterns).

By contrast, Windows HELP documentation seems nearly useless to me. I can never find what I am looking for.

Back to the main topic.

When I saw this thread, I of course did “zypper lr -d” to check what I am seeing.

I get “r” for all but one repo, and “p” for that one. The one repo with “p” (configured, but not really using at present) is the adobe repo for flash plugins. I did use “rpmkeys” to add the adobe signing key so that it could be used for checking. The repo (the metadata) is apparently not signed.

In general that is a correct observation. In Unix/Linux one should first understand what a program/tool is for, what it can do for you (and what not). Tutorial. course, whatever.

And then, in use, one can check the details (that were forgotten) with the man page.

Trying to learn a tool from it’s man page only is making the learning curve of Unix/Linux even steeper then it is already. Frustrating for people (Joe user?) who just want to jump in something without being prepared to take the time to study first. :stuck_out_tongue:

But I admit that the zyper man page combines a lot of explaining above the strict syntax definitions.

It would appear that on Jun 22, nrickert did say:

> I see man pages as a great asset of linux/unix. Yes, they can be a bit
> cryptic.
>
> By contrast, Windows HELP documentation seems nearly useless to me. I
> can never find what I am looking for.

Which I take as proof positive that your at least as smart as I thought you
were. I’ll admit even very “dry” man documents are better than what
Window’s calls HELP…

And that this particular man doc is better than most.